Secure testing commits - Apr 2006 - r3849 - data/CVE

Author: stef-guest
Date: 2006-04-22 14:05:52 +0000 (Sat, 22 Apr 2006)
New Revision: 3849

Modified:
   data/CVE/list
Log:
a few NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-04-22 10:58:06 UTC (rev 3848)
+++ data/CVE/list	2006-04-22 14:05:52 UTC (rev 3849)
@@ -271,21 +271,23 @@
 CVE-2006-1845 (Buffer overflow in the POP3 server in Kinesphere Corporation
EXchange ...)
 	TODO: check
 CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2)
base-config ...)
-	TODO: check
+	NOTE: seems to be a duplicate of CVE-2006-1376
+        - shadow 1:4.0.14-9 (bug #358210; bug #356939)
+        - base-config 2.68 (bug #254068; low)
 CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in
ShoutBOOK ...)
-	TODO: check
+	NOT-FOR-US: ShoutBOOK
 CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in
ShoutBOOK ...)
-	TODO: check
+	NOT-FOR-US: ShoutBOOK
 CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in
boastMachine ...)
-	TODO: check
+	NOT-FOR-US: boastMachine
 CVE-2006-1840 (Multiple unspecified vulnerabilities in Empire Server before
4.3.1 ...)
-	TODO: check
+	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
 CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP
Album ...)
-	TODO: check
+	NOT-FOR-US: PHP Album 
 CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to
bypass ...)
-	TODO: check
+	NOT-FOR-US: Fuju News
 CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Fuju News
 CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in
...)
 	NOT-FOR-US: Symantec LiveUpdate
 CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in
Calendarix ...)